Red Hat Summit7.3. Configuring Tomcat for JBoss ON Monitoring
To allow JBoss ON to monitor Tomcat in Red Hat JBoss Web Server, you must configure Tomcat to allow JBoss ON discovery, as well as providing JBoss ON the required access.
Procedure 7.3. Configuring User Permissions on a Linux Operating System
Note
For Microsoft Windows, skip these steps and proceed to Procedure 7.4, “Configuring Tomcat for JBoss ON Monitoring”.
The JBoss ON agent requires read and write permission to the
httpd and Tomcat directories.
- As a user with root privileges, run the following command to add the user which runs the JBoss ON Agent to the
tomcatandapacheuser groups:# usermod -aG tomcat,apache <JBOSSON_AGENT_USER>
Procedure 7.4. Configuring Tomcat for JBoss ON Monitoring
JBoss Web Server instances are auto-discovered on Linux and Unix platforms. However, you need to configure the instance's JMX to allow for proper handling of authentication, and accurate Tomcat monitoring.
To configure JMX to handle authentication:
- Open the
startupfile of the respective JBoss Web Server instance for editing:- On Red Hat Enterprise Linux installed from a ZIP file, open
JWS_HOME/tomcat<VERSION>/bin/startup.sh - On Red Hat Enterprise Linux installed from RPM, open
/usr/sbin/tomcat<VERSION> - On Microsoft Windows open
JWS_HOME\share\tomcat<VERSION>\bin\startup.bat. - On Solaris using
daemon.shto start Tomcat, openJWS_HOME/tomcat<VERSION>/bin/setenv.sh
- Define an available port for JMX monitoring. Ensure the port is not blocked by any firewall.
- On Red Hat Enterprise Linux and Solaris:
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=PORT_NUMBER -Djava.rmi.server.hostname=IP_ADDRESS" - On Microsoft Windows:
set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.port=PORT_NUMBER -Djava.rmi.server.hostname=IP_ADDRESS"
- In production environments, add the following lines to the JAVA_OPTS variable in the startup file to secure JMX with SSL and restrict the access with a firewall:
- On Red Hat Enterprise Linux and Solaris
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.access.file=JWS_HOME/jmxremote.access" JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file=JWS_HOME/jmxremote.password" - On Microsoft Windows:
set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.access.file=JWS_HOME\jmxremote.access" set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.password.file=JWS_HOME\jmxremote.password"
Note
If you want to disable authentication and SSL for development purposes, add the following lines to the JAVA_OPTS variable in the startup file:JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.ssl=false" JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false" - Once the Tomcat server resource is discovered and imported into the JBoss ON inventory, it may be necessary to update the new resource's connection settings.
- In the JBoss ON interface, click for the newly imported Tomcat server resource.
- Verify the value of the Manager URL property to the RMI URL, to ensure it uses the correct JMX host name and port number as defined in the Tomcat server startup file. An example for this value is shown below:
service:jmx:rmi:///jndi/rmi://$IP_ADDRESS:$PORT/jmxrmi
7.3.1. Configuring JBoss ON Monitoring for Tomcat Installed from RPMs
Procedure 7.5. Configuring JBoss ON Monitoring for Tomcat Installed from RPMs
- In a shell prompt become the root user.
- Set up JMX JAVA_OPTS properties in the
/usr/sbin/tomcat<VERSION>/startupfile in thestartandstart-securitysections.if [ "$1" = "start" ]; then JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=8100 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxr emote.access.file="/etc/tomcat<VERSION>/jmxremote.access" -Dcom.sun.management.jmxremote.password.file="/etc/tomcat<VERSION>/jmxremote.password"" ${JAVACMD} $JAVA_OPTS $LOGGING_CONFIG $CATALINA_OPTS \ -classpath "$CLASSPATH" \ -Dcatalina.base="$CATALINA_BASE" \ -Dcatalina.home="$CATALINA_HOME" \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \ -Djava.io.tmpdir="$CATALINA_TMPDIR" \ org.apache.catalina.startup.Bootstrap start \ >> ${CATALINA_BASE}/logs/catalina.out 2>&1 & if [ ! -z "$CATALINA_PID" ]; then echo $! > $CATALINA_PID fi elif [ "$1" = "start-security" ]; then JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=8100 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxr emote.access.file="/etc/tomcat<VERSION>/jmxremote.access" -Dcom.sun.management.jmxremote.password.file="/etc/tomcat<VERSION>/jmxremote.password"" ${JAVACMD} $JAVA_OPTS $LOGGING_CONFIG $CATALINA_OPTS \ -classpath "$CLASSPATH" \ -Dcatalina.base="$CATALINA_BASE" \ - In
/etc/tomcat<VERSION>/tomcat<VERSION>.conf, configure Tomcat to run as the root user.TOMCAT_USER="root"
- Run the following command to start Tomcat.
service tomcat<VERSION> start
- Start the JBoss ON agent.
- In the JBoss ON Web UI, import the JBoss ON agent and Tomcat.
- In the JBoss ON Web UI, setup the Tomcat connection configuration (principal and credentials).
- In the JBoss ON Web UI, set the Tomcat Control method configuration to
RPM System V init script.Note
Start and Shutdown script may not be set because the Tomcat plugin always runs theservice tomcat<VERSION> start/stopcommand for theRPM System V init scriptconfiguration setting.
7.3.2. Configuring JBoss ON Monitoring for Tomcat Installed as a Windows Service
Procedure 7.6. Configuring JBoss ON for JBoss Web Server with Tomcat Installed as a Windows Service
- Create the
jmxremote.accessfile withcontrolRole readwritein theC:\jmxdirectory. - Create the
jmxremote.passwordfile withcontrolRole pwdin theC:\jmxdirectory.Note
Set the owner ofjmxremote.accessandjmxremote.passwordto SYSTEM, and restrict the access ofjmxremote.passwordonly to SYSTEM. The SYSTEM user must only have read access. - Enable JMX for the Tomcat Windows service.
JWS_HOME\sbin\tomcat<VERSION>.exe //US//Tomcat<VERSION> ++JvmOptions="-Dcom.sun.management.jmxremote.port=8100;-Dcom.sun.management.jmxremote.access.file="C:\jmx\jmxremote.access";-Dcom.sun.management.jmxremote.password.file="C:\jmx\jmxremote.password";-Dcom.sun.management.jmxremote.ssl=false;-Dcom.sun.management.jmxremote.authenticate=true"
- Start the Tomcat Windows service, and verify that it is running.
- Install and configure the JBoss ON agent. Type
discoveryin the agent prompt to discover the Tomcat Windows service. - In the JBoss ON Web UI, click and then, click and select .
- In the JBoss ON Web UI, go to Platforms and search for the agent name. Click on your agent.
- On the Agent page, Tomcat Servers are listed. Select your Tomcat server by clicking it.
- In the JBoss ON Web UI, click on the tab and then configure the Tomcat Server in Connection Settings.
- Enter the Principal and Credentials information. use the
controlRoleand password set in thejmxremotefiles. - Set the control method to
RPM System V init script.Note
You can not set Start and Shutdown Script fields. - Click .
- Update the connection settings of the Tomcat Server JVM and set Principal and Credentials.
